Linux, DevOps and Cloud Expert at Linux Guru !

We will use Helm to install cert-manager on our cluster. cert-manager is a Kubernetes-native certificate manager. One of its most significant features is the automatic provisioning of TLS certificates: based on the annotations in a Kubernetes Ingress resource, cert-manager talks to Let’s Encrypt and acquires a certificate on your service’s behalf.
Note : Ensure that you are using Helm v2.12.1 or later.
Prerequisites :
  • A Kubernetes cluster version 1.8+
  • The kubectl CLI installed and configured
  • Helm and Tiller should be installed.

1. Connect to the cluster :

 gcloud container clusters get-credentials yourclustername --zone zonename --project projectname

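2. Create a cluster role binding that gives Helm (Tiller) access to the cluster :

 kubectl create clusterrolebinding tiller-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
 helm init

This binds the cluster-admin role to the default service account in kube-system, which is the account Tiller runs as when helm init is given no --service-account option.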

3. Install the CustomResourceDefinition resources separately :

 kubectl apply  -f

4. Label the cert-manager namespace to disable resource validation :

Next, we’ll add a label to the kube-system namespace, where we’ll install cert-manager, to enable advanced resource validation using a webhook.
 kubectl label namespace kube-system certmanager.k8s.io/disable-validation="true"

5. Install the cert-manager Helm chart :

Finally, we can install the cert-manager Helm chart into the kube-system namespace:
 helm install --name cert-manager --namespace kube-system stable/cert-manager

6. Create Production Issuer file :

Begin by creating a yaml file named “prod_issuer.yaml” and add the following text to it:
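apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_email_id
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    http01: {}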
Replace the email value with your own email id.
In this file we specify an email address to register the certificate, and create a Kubernetes Secret called letsencrypt-prod to store the ACME account's private key. We also enable the HTTP-01 challenge mechanism.

7. Apply the issuer file :

kubectl apply -f prod_issuer.yaml

8. Make the following changes in ingress file : letsencrypt-prod
  - hosts:
    secretName: letsencrypt-prod
We will now perform a test using curl to verify that HTTPS is working correctly.
We have successfully configured HTTPS using a Let's Encrypt certificate for our Nginx Ingress.
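
A curl test tells you whether the chain validates, but not which certificate is being served when it fails: until issuance completes, the NGINX ingress controller answers with its self-signed default certificate. The shell functions below are an added example, not part of the original post, that classify the served certificate's issuer and then let curl validate the chain. The names classify_issuer and check_host and the sample issuer lines are constructed, and openssl and curl are assumed to be installed.

```shell
#!/bin/sh
# Added example: classify the issuer of the certificate an ingress host serves.
# Function names and sample issuer lines are constructed for illustration.

# Constructed sample issuer lines in `openssl x509 -noout -issuer` format.
SAMPLE_FAKE='issuer=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate'
SAMPLE_STAGING="issuer=C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3"
SAMPLE_PROD="issuer=C = US, O = Let's Encrypt, CN = R3"

# Map an issuer line to: ingress-default | staging | production | unknown.
# Staging is tested before production because both contain "Let's Encrypt".
classify_issuer() {
  case "$1" in
    *"Kubernetes Ingress Controller Fake Certificate"*) echo ingress-default ;;
    *"(STAGING)"*|*"Fake LE"*)                          echo staging ;;
    *"Let's Encrypt"*)                                  echo production ;;
    *)                                                  echo unknown ;;
  esac
}

# Fetch the live certificate for host $1 and require a production issuer
# plus a chain that curl validates against the system trust store.
check_host() {
  host=$1
  issuer=$(openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
             | openssl x509 -noout -issuer 2>/dev/null) \
    || { echo "$host: no certificate retrieved"; return 2; }
  verdict=$(classify_issuer "$issuer")
  echo "$host: $verdict ($issuer)"
  [ "$verdict" = production ] || return 1
  # curl fails here if the chain or the hostname does not validate
  curl -sS -o /dev/null "https://$host/" || return 1
}

# Run against a host only when one is given, e.g.: sh check_cert.sh your-domain.example
if [ "$#" -gt 0 ]; then
  check_host "$1"
fi
```

A result of ingress-default or staging means the production certificate has not been issued into the letsencrypt-prod secret yet.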
